On Fri, Sep 24, 2004 at 09:41:15AM +0100, Martin O'Neal wrote:
>
> NASL script to detect if the remote host's clock is synchronised to the
> local host. Uses ICMP TIMESTAMP, HTTP date headers and NTP (there will
> be others, but this will do for a first cut).
>
> Uses <60sec as an acceptable level of drift, which is arbitrary and the
> first thing that sprang to mind.
>
> Relies on the unixtime() function, so needs either the 2.1 code, or 2.0
> via CVS.

This is very interesting. What do you think of the following :

- Attempt to guess time via HTTP first. Mostly because if we are scanning
  a web server, we get an instant reply and exit instead of sending
  udp/icmp packets to a likely-to-be-filtered port/protocol.

- The current code actually checks for 3 drifts : one in ICMP, one in NTP
  and one in HTTP. It's a safe bet to assume that the remote host is
  consistent with itself, and exit after the first answer we get (ie: if
  the ICMP timestamp is correct, exit right away instead of trying NTP
  and HTTP).

?

-- Renaud
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
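The probe order proposed in the reply above (HTTP first, stop at the first answer), as an added Python example that is not part of the thread and is not the NASL plugin under discussion. The function names, the ICMP-before-NTP fallback order and the sample replies are assumptions constructed for illustration; only the 60-second threshold comes from the thread.

```python
import calendar, struct
from email.utils import parsedate_to_datetime

MAX_DRIFT = 60                  # seconds, the threshold quoted in the thread
NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 to 1970-01-01

def http_time(raw, now):
    """Unix time from the Date header of a raw HTTP response, else None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "date":
            try:
                return parsedate_to_datetime(value.strip()).timestamp()
            except (TypeError, ValueError):
                return None
    return None

def icmp_time(raw, now):
    """Unix time from an ICMP timestamp reply (type 14), else None."""
    if len(raw) < 20 or raw[0] != 14:
        return None
    transmit_ms = struct.unpack("!I", raw[16:20])[0]   # ms since midnight UTC
    remote = now - now % 86400 + transmit_ms / 1000
    # The field carries no date, so pick the day closest to local time.
    remote += 86400 * round((now - remote) / 86400)
    return remote

def ntp_time(raw, now):
    """Unix time from the transmit timestamp of a 48-byte NTP reply."""
    if len(raw) < 48:
        return None
    secs, frac = struct.unpack("!II", raw[40:48])
    return secs - NTP_EPOCH_OFFSET + frac / 2**32

def clock_drift(now, http=None, icmp=None, ntp=None):
    """(source, drift, in_sync) from the first probe that yields a time."""
    for source, parse, raw in (("http", http_time, http),
                               ("icmp", icmp_time, icmp), ("ntp", ntp_time, ntp)):
        remote = parse(raw, now) if raw is not None else None
        if remote is not None:
            return source, remote - now, abs(remote - now) < MAX_DRIFT
    return None, None, None

# Constructed sample replies; local time is 2004-09-24 08:41:15 UTC.
NOW = calendar.timegm((2004, 9, 24, 8, 41, 15))
HTTP_REPLY = b"HTTP/1.1 200 OK\r\nDate: Fri, 24 Sep 2004 08:41:55 GMT\r\n\r\n"
ICMP_REPLY = struct.pack("!BBHHHIII", 14, 0, 0, 1, 1, 0, 31395000, 31395000)
NTP_REPLY = struct.pack("!B39xII", 0x24, NOW + NTP_EPOCH_OFFSET + 5, 0)
```

With all three sample replies present, only the HTTP one is consulted; the ICMP sample, which is 120 seconds ahead, is reported as out of sync only when no HTTP reply is available.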
This archive was generated by hypermail 2.1.3 : Fri Sep 24 2004 - 06:01:40 PDT